
A
From the CISO Series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Wednesday, March 11, 2026. I'm Rich Stroffelino.

NSA and Cyber Command head confirmed. In a rare floor vote, the US Senate voted 71 to 29 to confirm Army Lieutenant General Joshua Rudd as the head of US Cyber Command and director of the National Security Agency. The post had been vacant for almost a year, with Lt. Gen. William Hartman serving in an acting capacity. Rudd currently serves as the deputy chief of US Indo-Pacific Command and previously has held jobs in Special Forces leadership. He has no prior experience in signals intelligence or cyber operations. Rudd will continue the dual-hat leadership of Cyber Command and the NSA, with The Record sources saying President Trump told aides he settled on a clean 18-month extension for the leadership format. Senator Ron Wyden called for the floor vote as part of his opposition to Rudd's nomination, citing his lack of experience and vague answers about using the NSA's surveillance tools for warrantless spying on U.S. citizens.

Russians targeting encrypted messaging app users. The Netherlands Defense Intelligence and Security Service and the General Intelligence and Security Service published details about a campaign by entities tied to Russian state actors targeting users of Signal and WhatsApp. This didn't crack either app's end-to-end encryption. Instead, Dutch intelligence saw Signal users targeted by people posing as the app's support team, warning specific users about data leaks and trying to get their PIN codes. These codes could be used to register a new device and intercept new messages. On WhatsApp, the attacks tried to trick people into using the link device feature to gain access to all messages.

OpenAI rolls out vulnerability scanner. It was big news when Anthropic rolled out vulnerability scanning in Claude Code. And so it's a big deal when OpenAI did the same now with Codex.
Codex Security was previously known as Aardvark in private beta testing since last year and now available as a research preview to ChatGPT Pro, Enterprise, Business and Edu customers. In testing, OpenAI said it found over 10,000 high severity issues with Codex Security, including in widely used projects like Chromium, OpenSSL, PHP and GnuTLS. Anthropic's announcement had stock market implications. We'll see if that becomes part of the story with Codex Security.

Finns warned of persistent cyber espionage. According to a new security assessment from the Finnish Security and Intelligence Service, the country's tech sector, government and research institutions face sustained operations from Russian and Chinese intelligence services. The assessment painted a bleak picture, stating that the country faces continual attempts at cyber espionage with no prospect of such operations subsiding even in the long term. These attacks are attempting to steal sensitive research and intellectual property, supplement traditional espionage efforts that were scuttled after Finland expelled Russian diplomats and spreading misinformation as part of larger influence operations.

And now, thanks to today's episode sponsor, Dropzone AI. Remember yesterday's 3am threat intel? Here is how it plays out with Dropzone AI. The threat intelligence drops. Dropzone picks it up, turns it into a threat hunt and runs it across your SIEM, EDR and cloud data while your team sleeps. By morning, your analysts have answers, not a backlog. That is the AI Threat Hunter, the newest agent on the team, debuting at RSAC booth 455 South Expo Hall. To learn more, head on over to dropzone AI.

Meta acquires Moltbook. You'll be forgiven if you've already forgotten about the AI flavor of the week that was Moltbook. This was a Reddit clone designed for use by AI agents, created by Matt Schlicht and Ben Parr. Well, Meta didn't forget them, acquiring the platform and the team behind it in an undisclosed deal.
Schlicht and Parr will roll into Meta's Superintelligence Labs unit on March 16, with Moltbook itself shutting down around the same time. Moltbook was notable in that it left its production database completely exposed at launch, revealing that a large number of accounts were created by just a few users and that it had no system for verifying if users were actually bots. This comes a month after OpenClaw creator Peter Steinberger was hired by OpenAI.

CADNAP botnet targeting Asus routers. Researchers at Black Lotus Labs detailed the newly discovered CADNAP botnet, active since August 2025. This currently has about 14,000 enabled devices communicating through a customized version of the Kademlia distributed hash table protocol to conceal IP addresses. About half the botnet is made up of Asus routers, with 60% of all infected devices in the U.S. CADNAP spreads through a malicious script that establishes persistence on routers and edge devices as a cron job that runs every 55 minutes. The researchers believe CADNAP is tied to the Doppelganger proxy service.

Microsoft rolls out passkey support for Entra. Microsoft says it will allow users to create device-bound passkeys stored in the Windows Hello container and authenticate using Windows Hello. Each Entra account will register a passkey per device with support for multiple accounts per machine. These keys will be device-bound and not synced. Passkey support will go into an opt-in global public preview in mid-March and run through the end of April. After that it will roll out to government cloud environments starting in mid-April through mid-May.

CISA shortens patch time for critical bugs. Generally when CISA adds a vulnerability to its Known Exploited Vulnerabilities catalog, federal civilian agencies have three weeks to patch. However, the latest round of additions have been given tighter deadlines.
On Monday, CISA added a critical vulnerability for SolarWinds Web Help Desk, first discovered by Trend Micro back in September and has since been actively exploited. Agencies have until Thursday, March 12 to patch. CISA also added two vulnerabilities this week with a shorter two-week patch deadline, one of which impacts Ivanti EPM and reportedly has been actively exploited since February.

Are you subscribed to the CISO Series YouTube channel? You're not? Well, it's not too late. Just search for CISO Series on YouTube. You'll find us there. You'll see clips from all of our shows, original shorts and interviews, product demos, and the latest updates from the CISO Series. Be sure to subscribe so you don't miss a thing. And if you're in the San Diego area, be sure to join us for our San Diego Cyber group meetup today, March 11th. You'll get to meet David Spark, fellow CISO Series fans, and maybe even get some sweet CISO Series swag. Full details are on our events page at cisoseries.com. Check it out if you're interested in coming. And if you have any thoughts about the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. Reporting for the CISO Series, I'm Rich Stroffelino, reminding you to have a super sparkly day.
A
Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Podcast: Cybersecurity Headlines
Host: CISO Series (Rich Stroffelino)
Episode: New Cyber Command chief, Russia targets Signal, Codex Security
Date: March 11, 2026
This episode delivers a brisk roundup of the latest news shaping the information security landscape. Highlights include the historic confirmation of a new U.S. Cyber Command chief, state-sponsored phishing targeting encrypted messaging users, significant advances in AI-powered vulnerability scanning, persistent cyber espionage threats to Finland, a notable Meta acquisition, findings on the CADNAP botnet, Microsoft advancements in passkey support, and CISA’s tightening of federal patch timelines.
[00:06–01:42]
“Rudd’s lack of experience and vague answers about using the NSA's surveillance tools for warrantless spying on U.S. citizens.” — [00:40]
[01:43–02:30]
[02:31–03:14]
“It was big news when Anthropic rolled out vulnerability scanning in Claude Code. And so it’s a big deal when OpenAI did the same now with Codex.” — [02:34]
[03:15–03:58]
“No prospect of such operations subsiding even in the long term.” — [03:35]
[04:15–05:00]
[05:01–05:43]
[05:44–06:12]
[06:13–06:44]
“Generally… three weeks to patch. However, the latest round of additions have been given tighter deadlines.” — [06:13]
On New Cyber Command Chief’s Experience:
“Rudd has no prior experience in signals intelligence or cyber operations.” — Host [00:24]
On Ongoing Espionage in Finland:
“The assessment painted a bleak picture, stating that the country faces continual attempts at cyber espionage with no prospect of such operations subsiding even in the long term.” — Host [03:35]
Regarding OpenAI’s Vulnerability Scanner:
“OpenAI said it found over 10,000 high severity issues… including in widely used projects like Chromium, OpenSSL, PHP, and GnuTLS.” — Host [02:50]
| Timestamp | Segment |
|-----------|---------|
| 00:06 | New NSA & Cyber Command Leadership Confirmed |
| 01:43 | Russia Targets Encrypted Messaging Apps |
| 02:31 | OpenAI’s Codex Security Vulnerability Scanner |
| 03:15 | Persistent Cyber Espionage in Finland |
| 04:15 | Meta’s Acquisition of Moltbook |
| 05:01 | CADNAP Botnet Details |
| 05:44 | Microsoft Passkey Support For Entra |
| 06:13 | CISA’s Accelerated Patch Deadlines |

| Topic | Key Takeaway |
|-------|--------------|
| U.S. Cyber Command Chief | Lt. Gen. Joshua Rudd confirmed despite no SIGINT/cyber ops background |
| Russian State Phishing | Attacks on Signal/WhatsApp users target human error, not encryption |
| OpenAI Codex Security | Powerful new vuln scanner finds tens of thousands of serious bugs in major open source projects |
| Finnish Espionage Threat | Russian, Chinese actors keep up aggressive, nation-state cyber espionage |
| Meta Acquires Moltbook | AI-centric Reddit clone, plagued by poor security, absorbed by Meta's research labs |
| CADNAP Botnet | Large new botnet, hides command infra using custom DHT, heavy on Asus routers in the US |
| Microsoft Entra Passkeys | Moving to passkey-based authentication, with granular device/account management |
| CISA Patch Deadlines | Patch timelines for federal agencies shortened in response to ongoing exploits |

This episode offers an incisive look at developments across national cybersecurity leadership, AI-driven security tooling, persistent state-backed threats, and evolving enterprise security practices. The show’s rapid delivery and expert curation make it essential brief listening for security professionals.